From: Nicholas Chapel (nicholas.chapel@gmail.com)
Date: Wed May 23 2007 - 15:10:05 EDT
On 5/23/07, Paul Dickens <paul.dickens@iop.org> wrote:
> Another point, who still uses WEP in business? Clearly some must in order
> to get such a response from your posting. I thought WEP was flawed
> technology!
Yes, WEP is deeply flawed, and has been for a very long time. Recent
developments have made it even weaker than it already was, now that
it's become widespread news that packet re-injection and spoofed
deauthentication are able to generate sufficient traffic to crack the
key in only a few minutes. The fact that WEP is profoundly broken is
old news. But to answer your question, a *lot* of businesses are
using it. I can't comment on larger firms with an established
information security infrastructure, but almost all of the smaller and
medium-sized businesses I've worked with have been running WEP. This
includes medical offices and other companies that work with sensitive
data. To make matters worse, many if not most of them are running on
older hardware and/or software that is incapable of supporting WPA,
never mind WPA2. It's really quite terrifying.
Regards,
--Nick
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!
http://www.cenzic.com/c/2020
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:49 EDT